From 8b94af6eff569af3cc01c364cf57229cf557c80a Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Mon, 3 Apr 2023 21:26:16 +0200 Subject: [PATCH] MONITOR: validate value of 'user' option. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Only 'root' and SSSD_USER are valid values. Reviewed-by: Iker Pedrosa Reviewed-by: Pavel Březina --- .gitignore | 1 + src/man/Makefile.am | 2 ++ src/man/sssd.conf.5.xml | 30 ++++++++++++++++++------------ src/monitor/monitor.c | 30 +++++++++++++++++++----------- 4 files changed, 40 insertions(+), 23 deletions(-) diff --git a/.gitignore b/.gitignore index dff9716d95a..46b78375d9b 100644 --- a/.gitignore +++ b/.gitignore @@ -115,6 +115,7 @@ test-authtok .pytest_cache __pycache__ .venv +src/man/sssd_user_name.include # multihost tests !src/tests/multihost/sssd diff --git a/src/man/Makefile.am b/src/man/Makefile.am index 0d15e1339fc..fbb19e2b272 100644 --- a/src/man/Makefile.am +++ b/src/man/Makefile.am @@ -127,8 +127,10 @@ SUFFIXES = .1.xml .1 .3.xml .3 .5.xml .5 .8.xml .8 $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< .5.xml.5: + @echo -n $(SSSD_USER) > $(dir $<)/sssd_user_name.include $(XMLLINT) $(XMLLINT_FLAGS) $< $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< + @rm -f $(dir $<)/sssd_user_name.include .8.xml.8: $(XMLLINT) $(XMLLINT_FLAGS) $< diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 448e867ea65..69551f5d74e 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -1,6 +1,9 @@ +"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" +[ + +]> SSSD Manual pages 
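Review bot: In the `.5.xml.5` rule of src/man/Makefile.am the helper file is created in and removed from `$(dir $<)`, a path shared by every section-5 page, so under `make -j` one target's `rm -f` can delete sssd_user_name.include while another target's xmllint or xsltproc run still needs it. The path is also inside the source tree, which will fail for an out-of-tree build with a read-only srcdir. Generating the file once as its own target in the build directory and listing it as a prerequisite of the man pages would avoid both problems. `echo -n` is not portable across shells either; `printf '%s' '$(SSSD_USER)'` is the safer spelling.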
@@ -409,20 +412,23 @@ The user to drop the privileges to where appropriate to avoid running as the root user. - - This option does not work when running socket-activated - services, as the user set up to run the processes is - set up during compilation time. + Currently the only supported value is '&sssd_user_name;'. + - The way to override the systemd unit files is by creating - the appropriate files in /etc/systemd/system/. + + This option does not work when running socket-activated + services, as the user set up to run the processes is + set up during compilation time. - Keep in mind that any change in the socket user, group or - permissions may result in a non-usable SSSD. The same may - occur in case of changes of the user running the NSS - responder. - + The way to override the systemd unit files is by creating + the appropriate files in /etc/systemd/system/. + + Keep in mind that any change in the socket user, group or + permissions may result in a non-usable SSSD. The same may + occur in case of changes of the user running the NSS + responder. + Default: not set, process will run as root diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index 80a4c0939d6..0d8500afa12 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -825,9 +825,13 @@ static char *check_services(char **services) static int get_service_user(struct mt_ctx *ctx) { + errno_t ret = EOK; + + ctx->uid = 0; + ctx->gid = 0; + #ifdef SSSD_NON_ROOT_USER - errno_t ret; - char *user_str; + char *user_str = NULL; ret = confdb_get_string(ctx->cdb, ctx, CONFDB_MONITOR_CONF_ENTRY, CONFDB_MONITOR_USER_RUNAS, 
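Review bot: The preset `ctx->uid = 0; ctx->gid = 0;` at the top of get_service_user() makes root the result of every path that does not overwrite the fields, including the error returns, and nothing in the code says that this is intended. A one-line comment such as `/* default: services run as root unless 'user' selects SSSD_USER below */` would make the privilege default explicit. `char *user_str = NULL;` is now declared after statements inside the `#ifdef`; if the project keeps declarations at the top of a block, it should move above the two assignments under its own `#ifdef SSSD_NON_ROOT_USER`. The function body continues past the end of this hunk.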
@@ -837,18 +841,22 @@ static int get_service_user(struct mt_ctx *ctx) return ret; } - ret = sss_user_by_name_or_uid(user_str, &ctx->uid, &ctx->gid); - talloc_free(user_str); - if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, "Failed to set allowed UIDs.\n"); - return ret; + if (strcmp(user_str, SSSD_USER) == 0) { + sss_sssd_user_uid_and_gid(&ctx->uid, &ctx->gid); + } else if (strcmp(user_str, "root") != 0) { + DEBUG(SSSDBG_FATAL_FAILURE, + "Unsupported value '%s' of config option '%s'! Only 'root' or '" + SSSD_USER"' are supported.\n", + user_str, CONFDB_MONITOR_USER_RUNAS); + sss_log(SSS_LOG_CRIT, "Unsupported value of config option '%s'!", + CONFDB_MONITOR_USER_RUNAS); + ret = ERR_INVALID_CONFIG; } -#else - ctx->uid = 0; - ctx->gid = 0; + + talloc_free(user_str); #endif - return EOK; + return ret; } static int get_monitor_config(struct mt_ctx *ctx)
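Review bot: In the `strcmp(user_str, SSSD_USER) == 0` branch, nothing after `sss_sssd_user_uid_and_gid(&ctx->uid, &ctx->gid);` confirms that an unprivileged id was actually obtained, whereas the removed code returned an error when `sss_user_by_name_or_uid()` failed. If that helper can fail to resolve the account and leave the ids untouched or zeroed (its definition is not in this diff), the services would start as root although the administrator asked for the service user, and the failure would be silent. A post-check such as `if (ctx->uid == 0) { ret = ERR_INVALID_CONFIG; }` with a fatal DEBUG message would keep the old fail-closed behaviour, assuming SSSD_USER is never root in an SSSD_NON_ROOT_USER build. Separately, `user_str` reaches strcmp() unguarded; if confdb_get_string() can return EOK with a NULL string when the option is unset (the default argument lies between the two hunks), it needs a NULL check first.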